Merge branch 'security-fix-regex-dos-11-6' into 'security-11-6'

[11.6] Fix DoS in reference extraction regexes See merge request gitlab/gitlabhq!2778 (cherry picked from commit 06f1ea1f540b62aefbaa4f69901de2d29df11e7c) e73f2f1d Fix slow project reference pattern regex
author: Yorick Peterse <yorickpeterse@gmail.com> 2019-01-24 15:50:36 +0300
committer: Yorick Peterse <yorickpeterse@gmail.com> 2019-01-24 15:50:39 +0300
commit: 80dd048222b9da5199195a1b620cc5b651216fd6 (patch)
tree: 619e56c12cbf30f14e1d18dbd55a1a882c2222ee /spec
parent: 0d22b9b88888d7c339cd678c3baaa83c25c7ccd7 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/spec/lib/banzai/filter/project_reference_filter_spec.rb b/spec/lib/banzai/filter/project_reference_filter_spec.rb
index 48140305e26..060a680a996 100644
--- a/spec/lib/banzai/filter/project_reference_filter_spec.rb
+++ b/spec/lib/banzai/filter/project_reference_filter_spec.rb
@@ -26,6 +26,12 @@ describe Banzai::Filter::ProjectReferenceFilter do
     expect(reference_filter(act).to_html).to eq(CGI.escapeHTML(exp))
   end
 
+  it 'fails fast for long invalid string' do
+    expect do
+      Timeout.timeout(5.seconds) { reference_filter("A" * 50000).to_html }
+    end.not_to raise_error
+  end
+
   it 'allows references with text after the > character' do
     doc = reference_filter("Hey #{reference}foo")
     expect(doc.css('a').first.attr('href')).to eq urls.project_url(subject)
author	Yorick Peterse <yorickpeterse@gmail.com>	2019-01-24 15:50:36 +0300
committer	Yorick Peterse <yorickpeterse@gmail.com>	2019-01-24 15:50:39 +0300
commit	80dd048222b9da5199195a1b620cc5b651216fd6 (patch)
tree	619e56c12cbf30f14e1d18dbd55a1a882c2222ee /spec
parent	0d22b9b88888d7c339cd678c3baaa83c25c7ccd7 (diff)